Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64cca42d-40a8-4dca-85f4-0ac6a32e6088.roa
File:                     64cca42d-40a8-4dca-85f4-0ac6a32e6088.roa (raw, json)
Hash identifier:          5OnsH8XzlOhuj8Fc0ADUdzYyWskGBw4FAJ88JTdeJgE=
Subject key identifier:   2E:CA:F1:D1:89:2A:74:26:3A:65:B0:F8:2F:C7:D3:73:5A:41:63:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1802D4BC90E250B235E69EF614357A954A8680E5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64cca42d-40a8-4dca-85f4-0ac6a32e6088.roa
Signing time:             Tue 04 Mar 2025 16:40:51 +0000
ROA not before:           Tue 04 Mar 2025 16:40:51 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.22.96.0/19 maxlen: 19
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:02:d4:bc:90:e2:50:b2:35:e6:9e:f6:14:35:7a:95:4a:86:80:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  4 16:40:51 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:7f:8e:98:8a:67:66:04:04:11:c0:80:32:33:
                    fd:aa:2a:4d:58:c6:fd:e0:b3:b3:97:22:8f:53:06:
                    26:39:fc:41:1c:71:d6:b1:90:02:32:c1:af:b7:cc:
                    07:19:bf:1c:b2:b8:88:d2:40:e3:c2:35:29:2a:d0:
                    ad:2f:a1:1f:17:0c:1d:40:64:e7:e3:ec:ac:a7:3c:
                    2d:12:29:ea:20:30:b0:8d:2d:4a:cd:c7:97:c8:a5:
                    6c:58:fd:7f:89:85:d6:40:3d:4c:a5:9b:47:6b:a4:
                    49:b2:3e:ca:05:e9:cd:63:07:14:02:58:d0:a3:16:
                    8d:e8:22:ef:bf:77:c0:27:06:69:36:56:ee:75:13:
                    34:a2:5c:24:65:13:0d:e1:af:d9:4d:a4:76:d3:48:
                    8e:e2:b1:c8:ef:5d:52:be:3e:c8:93:cd:19:c6:5e:
                    3d:d1:a5:be:2f:34:2a:93:69:2b:3e:fe:36:a8:43:
                    6e:0d:b3:36:17:66:c0:7f:36:ee:4a:da:ab:ee:81:
                    1a:58:3c:59:08:c5:c3:94:89:0a:84:06:c8:9e:92:
                    64:83:fb:3f:57:16:ae:6e:86:0a:09:0e:1f:18:94:
                    fe:f8:16:f4:b8:43:6c:c1:7d:86:d0:75:75:0f:22:
                    89:25:68:ff:80:4a:fd:ec:ce:a6:c5:e8:98:dc:37:
                    3d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:CA:F1:D1:89:2A:74:26:3A:65:B0:F8:2F:C7:D3:73:5A:41:63:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64cca42d-40a8-4dca-85f4-0ac6a32e6088.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.22.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         82:c4:b8:78:c8:be:f4:85:3f:0e:a1:55:ab:3d:b1:9e:65:4d:
         31:45:80:be:5e:6f:8b:ed:c7:b4:65:3c:41:d1:11:0a:6f:fd:
         47:70:fa:00:94:21:a4:97:41:c6:fe:fe:dd:3a:04:fa:b3:4b:
         bc:78:ed:b1:7a:48:46:b9:36:d6:0e:6c:69:50:21:e7:e4:71:
         e8:12:95:7a:a4:6b:9a:2e:4f:bf:63:96:9f:94:65:30:8f:13:
         55:d5:33:a6:80:ab:3f:14:60:54:a9:0e:41:5e:46:db:a5:ed:
         d6:cd:2c:33:14:18:8a:ce:a7:dd:e7:a4:2a:9d:78:c8:a4:a9:
         83:24:31:81:61:fc:92:5f:fb:f5:0e:34:d1:26:90:d5:84:ff:
         d6:40:6a:32:b4:92:de:aa:c1:f6:b8:46:71:62:ac:78:e9:f0:
         05:81:3a:91:d6:bf:f0:15:45:82:0e:cf:b9:f0:02:9b:5b:5b:
         62:eb:af:42:f9:78:52:58:f2:c5:61:55:98:f4:a7:d0:b6:d8:
         89:ee:02:81:36:c8:cd:43:4b:8d:43:22:21:ac:9c:aa:15:28:
         3d:83:09:a2:64:9d:72:f0:ca:cc:a4:ba:c8:57:be:cc:84:cf:
         fb:b5:ef:b6:d5:ca:bc:75:7b:83:a5:54:67:3b:ec:fb:fd:c4:
         d5:78:7a:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGALUvJDiULI15p72FDV6lUqGgOUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA0MTY0MDUxWhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNGZlNzBjYWE3ZmQ0MjZjNmI1MDdiNjc3ZDA1MjFiMTM3
NWZkMTEyMTdmOWJkZGQ4ZmExZWM3MmM0NWE5Mjg3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlf46YimdmBAQRwIAyM/2qKk1Yxv3gs7OXIo9TBiY5/EEc
cdaxkAIywa+3zAcZvxyyuIjSQOPCNSkq0K0voR8XDB1AZOfj7KynPC0SKeogMLCN
LUrNx5fIpWxY/X+JhdZAPUylm0drpEmyPsoF6c1jBxQCWNCjFo3oIu+/d8AnBmk2
Vu51EzSiXCRlEw3hr9lNpHbTSI7iscjvXVK+PsiTzRnGXj3Rpb4vNCqTaSs+/jao
Q24NszYXZsB/Nu5K2qvugRpYPFkIxcOUiQqEBsiekmSD+z9XFq5uhgoJDh8YlP74
FvS4Q2zBfYbQdXUPIoklaP+ASv3szqbF6JjcNz3fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULsrx0YkqdCY6ZbD4L8fTc1pBY4cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0Y2NhNDJkLTQwYTgtNGRjYS04NWY0LTBhYzZhMzJlNjA4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUXFmAwDQYJKoZIhvcNAQELBQADggEBAILEuHjIvvSFPw6hVas9sZ5lTTFF
gL5eb4vtx7RlPEHREQpv/Udw+gCUIaSXQcb+/t06BPqzS7x47bF6SEa5NtYObGlQ
IefkcegSlXqka5ouT79jlp+UZTCPE1XVM6aAqz8UYFSpDkFeRtul7dbNLDMUGIrO
p93npCqdeMikqYMkMYFh/JJf+/UONNEmkNWE/9ZAajK0kt6qwfa4RnFirHjp8AWB
OpHWv/AVRYIOz7nwAptbW2Lrr0L5eFJY8sVhVZj0p9C22InuAoE2yM1DS41DIiGs
nKoVKD2DCaJknXLwysykushXvsyEz/u177bVyrx1e4OlVGc77Pv9xNV4eos=
-----END CERTIFICATE-----